Analysis
- max time kernel: 151s
- max time network: 170s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 15-03-2022 04:05
Static task: static1
Behavioral task: behavioral1
- Sample: 04b54cd88268fc3d58814ed4f56da7c464579b8d31193451098014a3c92a721f.dll
- Resource: win7-20220311-en, windows7_x64
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: 04b54cd88268fc3d58814ed4f56da7c464579b8d31193451098014a3c92a721f.dll
- Resource: win10v2004-en-20220113, windows10-2004_x64
- 0 signatures, 0 seconds
General
- Target: 04b54cd88268fc3d58814ed4f56da7c464579b8d31193451098014a3c92a721f.dll
- Size: 261KB
- MD5: 183bf2217d4d1bbc07bbfc3982c327b0
- SHA1: e84dd9420f0652da51b9ebfe61ecbfe434e9e52f
- SHA256: 04b54cd88268fc3d58814ed4f56da7c464579b8d31193451098014a3c92a721f
- SHA512: 8239784f114d750a2ca63e482983b132b8a789ae76785f4e20eec19000e12b44742dbb05f19d2025482994bfc6fba65796cfad3711ec85f1dee4271573a04e2c
Score: 3/10
Malware Config
Signatures
- Program crash (2 IoCs)
  Processes: WerFault.exe, WerFault.exe
  pid    pid_target   process        target process
  2200   3516         WerFault.exe   rundll32.exe
  3484   3516         WerFault.exe   rundll32.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes: rundll32.exe
  description                        pid    process        target process
  PID 3516 wrote to memory of 2200   3516   rundll32.exe   WerFault.exe
  PID 3516 wrote to memory of 2200   3516   rundll32.exe   WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04b54cd88268fc3d58814ed4f56da7c464579b8d31193451098014a3c92a721f.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3516 -s 408
    - Program crash
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3516 -s 408
    - Program crash
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -pss -s 416 -p 3516 -ip 3516